<?php
/*************************************************************************************
 *
 *	FileName: PageAuthentication.php
 *	Desc    : Page authentication system
 *	Author  : Seal
 *	Date    : 2010-1-3
 *
 *************************************************************************************/
	
	/**********************************************************
	 *	
	 *
	 *
	 *	!!!!!!!!!!!!!!!!!   leave your name in the codes
	 *						where you modified	
	 *
	 *
	 *
	 *	Seal Created by 2010-3-1
	 **********************************************************/
	
	/**********************************************************
	 *	Page Discretionary Access Control List
	 *	The page included in the $DACL will be authenticated.
	 *	 
	 *	Seal created 2010-1-3
	 **********************************************************/
	$DACL = array(
		"add_product",
		"add_review",
		"add_shop",
        "auto_add_product",
		"my_review",	
		"write_message",
		"ajax_del_letter",
		"mail_inbox",
		"ajax_label_letter",
		"ajax_show_letter",
		"user_setting",
		"my_pics",
		'ajax_del_review',
		'ajax_delete_pic',
		'ajax_edit_list_entry',
		'ajax_friend',
		'ajax_msg',
		'ajax_reply_mail',
		'ajax_show_letter',
		'ajax_show_out_letter',
		'mail_outbox',
		'my_edp',
		'modify_shop',
		'consumption_history',
		'del_list',
		'user_list_create',
		'consumption_history',
		'user_setting'
	);
	
	
	/**********************************************************
	 *	Authenticate user
	 *  Seal created 2010-1-3
	 **********************************************************/
	function UserAuthentication()
	{
		global $page_base, $DACL, $pageVars;
		
		if( !in_array($page_base, $DACL) )
			return true;
		
		if( edp_isset_session("userid") && edp_isset_session("username") )
		{
			$pageVars['userinfo'] = array(
				"username" => edp_getsession("username"),
				"userid" => edp_getsession("userid")
			);
			
			return true;
		}
		else if( ($userinfo = getUserFromCookie()) !== false )
		{
			$pageVars['userinfo'] = $userinfo;
			edp_setsession( "userid", $userinfo['userid'] );
			edp_setsession( "username", $userinfo['username'] );
			return true;
		}
		else
		{
			$page_base = 'login';
			$_GET['redir'] = $_SERVER["REQUEST_URI"];
			unset( $_GET['tiny'] );
			return false;
		}
		
	}

	/**********************************************************
	 *	This function will create a valid user just for debug
	 *	to make the system trust the user has logged in.
	 *	Seal Created by 2010-1-3
	 **********************************************************/
	function ImpersonateUser( $userid, $username, $valid = true )
	{
		if( $valid == true )
		{
			edp_setsession( "username", $username);
			edp_setsession( "userid",  $userid );
			
			//compatible with the cookie
			global $secKey;
			$time = time();
			$a = "$username,$userid, $time";
			$c = md5("$a;$secKey");
			$d = base64_encode("$a;$c");
			$_COOKIE[CP_AUTH_TOKEN] = $d;
		}
		else
		{
			edp_unset_session( "username", $username );
			edp_unset_session( "userid",  $userid );
			unset( $_COOKIE[CP_AUTH_TOKEN] );
		}
	}
	
	
	/**********************************************************
	 *	Set information after user login
	 *	Seal Created by 2010-1-3
	 **********************************************************/
	function LoginAsUser( $userid, $username, $rememberUser = false )
	{
		
		edp_setsession( "username", $username );
		edp_setsession( "userid", $userid );
		
		//if( $rememberUser == true )
		setUserToCookie( $userid, $username, $rememberUser );
		
	}
	
	/**********************************************************
	 *	Clear session and cookie after logout
	 *	Seal Created by 2010-1-3
	 **********************************************************/
	function LogoutAsUser()
	{
		edp_unset_session( "username" );
		edp_unset_session( "userid" );
		logoutUser();
	}
	
	/**********************************************************
	 *	Get user's ID from cookie or session
	 *	Seal Created by 2010-1-3
	 **********************************************************/
	function GetLoginUserID()
	{
		// for bbs login
		/*if( edp_isset_session("userid") )
			return edp_getsession("userid");
		else*/ if( ($userinfo = getUserFromCookie()) !== false )
		{
			$pageVars['userinfo'] = $userinfo;
			edp_setsession( "userid", $userinfo['userid'] );
			edp_setsession( "username", $userinfo['username'] );
			return $userinfo['userid'];
		}
			
		return false;
	}
	
	/**********************************************************
	 *	Get user's name from cookie or session
	 *	Seal Created by 2010-1-3
	 **********************************************************/
	function GetLoginUserName()
	{
		if( edp_isset_session("username") )
			return edp_getsession("username");
		else if( ($userinfo = getUserFromCookie()) !== false )
		{
			$pageVars['userinfo'] = $userinfo;
			edp_setsession( "userid", $userinfo['userid'] );
			edp_setsession( "username", $userinfo['username'] );
			return $userinfo['username'];
		}
		
		return false;
	}
	
	
?>
